資安事件新聞週報 2022/2/28 ~ 2022/3/4
1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://tools.cisco.com/security/center/publicationListing.x
Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products
https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html
Release of QRadar 7.5.0 Update Package 1 SFS (7.5.0-QRADAR-QRSIEM-2021.6.1.20220215133427)
https://reurl.cc/oeAQXV
Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to
buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)
https://reurl.cc/MbVNDm
Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software
https://thehackernews.com/2022/03/critical-security-bugs-uncovered-in.html
Linux快很多! Google 資安團隊提軟硬體與作業系統業者修補資安漏洞平均速度
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9733
GitLab出現重大漏洞,恐被用於挾持特定Token
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
Windows 11自動更新擾民 3招內建選項無煩惱
https://reurl.cc/k7gqbG
2.銀行/金融/保險/證券/支付系統/金融監理 新聞及資安
國銀ATM當機常搞烏龍 金管會下令作好2件事
https://www.cardu.com.tw/news/detail.php?45560
政清輔淡逢「五校聯盟」學程名額秒殺 中信金跨校培育金融科技人才
https://www.ctwant.com/article/170842
台灣保戶淪為重災戶?金管會回應「壽險對俄曝險逾千億」質疑
https://www.gvm.com.tw/article/87571
壽險業持有俄債 壽險公會:曝險占比低 風險可控
https://www.rti.org.tw/news/view/id/2125981
保險集團怡安驚傳遭到網路攻擊
https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/
西方制裁俄羅斯 專家:美銀行業恐遭報復性網攻
https://reurl.cc/EpeXW0
將俄逐出SWIFT 歐美出重手
https://reurl.cc/6ExL35
3.電子支付/行動支付/pay/資安
一卡通Money、街口、悠遊付…8家電子支付!儲值、轉帳、提領手續費多少
https://reurl.cc/zMErYk
全聯「全支付」獲電支營業執照,PX Pay 助力電子支付服務
https://technews.tw/2022/03/01/px-mart-to-invest-in-the-electronic-payment-institutions/
LINE Bank與一卡通合作 創純網銀與電子支付結盟首例
https://udn.com/news/story/7239/6131587
行動支付權益一次看! 街口5月推提領免手續費活動
https://finance.ettoday.net/news/2199092
全家拿下電子支付執照!成全台第一間零售通路結合金融產業的電子支付
https://www.inside.com.tw/article/26820-familymart-epay
迎戰雙全進逼 icash Pay續拓餐飲通路、增線上購券功能
https://udn.com/news/story/7241/6139571?from=udn-ch1_breaknews-1-cate6-news
制裁生效!俄羅斯多家銀行無法使用電子支付
https://reurl.cc/6ExLn6
愛用電子支付者注意 金管會修電支存保額度
https://www.chinatimes.com/realtimenews/20220224004282-260410?chdtv
一銀宣布結盟Samsung Pay 行動支付新里程碑
https://www.chinatimes.com/realtimenews/20220301003342-260410?chdtv
LINE Pay學會這2招!刷臉就能付錢
https://reurl.cc/e6AWYm
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約 資安
NFTs Aren’t As Stupid As You Think
https://onezero.medium.com/nfts-arent-as-stupid-as-you-think-bffab89697e3
副財長:多項原因 政府不承認加密貨幣為法定貨幣
https://reurl.cc/44np2D
派盾:2月DeFi漏洞利用被盜資金達3.39億美元
https://news.cnyes.com/news/id/4822364?exp=a
TreasureDAO駭客已開始歸還被盜NFT
https://news.cnyes.com/news/id/4823208
TreasureDAO遭攻擊、100多個NFT被盜!MAGIC暴跌30%;駭客歸還部分盜竊NFT
https://www.blocktempo.com/stolen-nfts-returned-to-users-hours-after-treasure-exploit/
又一間NFT 平台被駭客攻撃 損失200萬港幣
https://www.pinterest.com/pin/139822763421921715/
烏克蘭官方推特帳號貼出加密貨幣籌款地址,兩天入帳上千萬美元
https://www.techbang.com/posts/94517-ukraines-official-twitter-account-posted-a-cryptocurrency
烏克蘭政府籲對俄羅斯加密貨幣用戶實施全面打擊
https://reurl.cc/RjmOoG
成人女星 Lana Rhoades 被控涉嫌 NFT 騙局
https://hypebeast.com/zh/2022/2/lana-rhoades-cryptosis-1-5-million-usd-nft-rug-pull
分析鏈上詐騙慣性!資安公司派盾(PeckShield):應避免這些特徵的加密貨幣或NFT專案
https://news.cnyes.com/news/id/4821585
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
駭客已對烏克蘭的各大機構部署了破壞性的惡意程式
https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
殭屍網路FritzFrog捲土重來鎖定醫療、教育、政府單位
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=12&aid=9738
勒索軟體駭客首度提出要求,要脅Nvidia解除顯示卡挖礦限制來換回機密資料
https://www.tomshardware.com/news/nvidia-hackers-threaten-to-release-lhr-performance-limiter
Dridex 殭屍網路和 Entropy 勒索軟體的程式碼極為相似
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9740
安卓木馬TeaBot鎖定逾400個金融機構用戶,竊取帳密和簡訊內容
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
TeaBot 木馬惡意軟體再次出現在 Google Play Store 中,目標鎖定美國用戶進行金融駭侵攻擊
https://www.twcert.org.tw/tw/cp-104-5800-c8e65-1.html
實聯制要小心!QR碼掃描器藏「木馬病毒」
https://reurl.cc/DdE3Gj
Conti 和 Karma 勒索軟體同時利用 ProxyShell 漏洞攻擊醫療機構
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9741
惡意軟體FoxBlade於俄烏戰爭爆發前夕,攻擊烏克蘭軍事單位與政府機構
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
CERT-UA alerts of phishing campaign
https://otx.alienvault.com/pulse/6222096d5505582bf113ccb7
SharkBot: A new generation Android banking Trojan being distributed on Google Play Store
https://reurl.cc/RjmXEn
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails
to Target European Governments and Refugee Movement
https://reurl.cc/02RXlk
俄烏戰爭爆發前夕針對烏克蘭的網路攻擊恐不只一起!惡意軟體IsaacWiper鎖定政府機關破壞資料
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
https://go.recordedfuture.com/hubfs/reports/mtp-2022-0302.pdf
New Sandworm Malware Cyclops Blink Replaces VPNFilter
https://www.ncsc.gov.uk/news/new-sandworm-malware-cyclops-blink-replaces-vpnfilter
New information stealing malware “ColdStealer” being distributed
https://asec.ahnlab.com/ko/31703/
Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA
https://reurl.cc/qO6N20
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
中國駭客將後門程式Daxin埋藏於作業系統核心,攻擊政府單位與關鍵基礎設施
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks
https://thehackernews.com/2022/03/china-linked-daxin-malware-targeted.html
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware
https://www.fortinet.com/blog/threat-research/unraveling-the-evolution-of-the-soul-searcher-malware
UNC1151/GhostWriter Phishing Attacks Target Ukrainian Soldiers
https://community.riskiq.com/article/e3a7ceea/description
OutSteel, SaintBot Delivered by Spear Phishing Attacks Targeting Ukraine
https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/
Destructive Malware Targeting Organizations in Ukraine
https://reurl.cc/jkoGeL
勒索軟體Conti內部機密外洩,起因是表態支持俄羅斯
https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/
力挺俄羅斯引發烏克蘭人士不滿,勒索軟體Conti原始碼遭到洩露
https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/
Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia
https://thehackernews.com/2022/03/conti-ransomware-gangs-internal-chats.html
TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail
https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html
Rebirth of Emotet: New Features of the Botnet and How to Detect it
https://thehackernews.com/2022/02/reborn-of-emotet-new-features-of-botnet.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature
https://thehackernews.com/2022/02/100-million-samsung-galaxy-phones.html
三星手機爆資安漏洞!Galaxy系列機種皆遭殃
https://newtalk.tw/news/view/2022-03-01/716924
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
雅虎徹底退出中國 228起關閉電子信箱服務
https://www.rti.org.tw/news/view/id/2125720
從俄羅斯到中國,那些由政府外包的駭客攻擊行動
https://vocus.cc/article/621c44fefd897800015f70ff
Taiwan Platform for Ukraine Donations Hacked 台烏募款平台上線第2天 遭海外駭客攻擊
https://news.pts.org.tw/article/569881
駭客廣泛運用Log4Shell漏洞發動DDoS攻擊、挖礦攻擊
https://blog.barracuda.com/2022/03/02/threat-spotlight-attacks-on-log4shell-vulnerabilities/
駭客濫用API發動的攻擊行動,在2021年爆增近7倍
https://reurl.cc/pWAZrx
輪胎大廠普利司通遭到網路攻擊而停工數日
https://www.zdnet.com/article/bridgestone-still-struggling-with-plant-closures-after-cyberattack/
Toyota 日本國內所有工廠,因供應商遭駭而全面停工
https://www.twcert.org.tw/tw/cp-104-5780-7b78f-1.html
駭客組織ShinyHunters非法獲取了哪些企業的使用者資料
https://bearask.com/ent/2237716.html
鎖定各國政府機構竊密 美資安公司揪出中國絕密惡意軟體
https://news.ltn.com.tw/news/world/breakingnews/3844902
部分日本廠區遭駭 環球晶:受影響機台逐步恢復生產
https://reurl.cc/GoOE9x
日本子公司遭網路攻擊 環球晶:機密資料無影響
https://newtalk.tw/news/view/2022-03-03/718170
Nvidia證實遭網攻,有駭客團體宣稱是他們所為,恐嚇該公司若不解除限制與開放原始碼就洩密
https://www.ithome.com.tw/news/149674
Nvidia也遭攻擊!駭客竊取1TB的GPU軟硬體資料、要求開放顯卡挖礦
https://reurl.cc/qO6Nyy
駭客已竊取英偉達員工憑證、開始兜售解除顯卡挖礦限制方式
https://www.owlting.com/news/articles/62730
勒索未果,駭客公佈英偉達核心原始碼
https://uetie.com/tech/691077.html
美國參議院通過一攬子網絡安全議案,將要求公司上報駭客攻擊事件
https://reurl.cc/EpeXz1
772萬粉駭客籲全球「鍵盤教訓俄羅斯」 正反兩極聲音四起
https://www.taisounds.com/Global/Trend/Latest/uid5357371493
烏克蘭招募IT軍隊,鎖定俄羅斯31個關鍵基礎設施發動網路攻擊
https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/
烏克蘭網軍宣布駭入多個俄羅斯關鍵網站,使其下線
https://www.twcert.org.tw/tw/cp-104-5798-fb7eb-1.html
烏克蘭網軍出擊 鎖定破壞俄羅斯電力鐵路設施
https://wantrich.chinatimes.com/news/20220302900805-420201
駭客匿名者出招!俄國家電視頻道遭入侵 播放烏克蘭歌
https://today.line.me/tw/v2/article/LXOX5jM
全球最大駭客組織「匿名者」向莫斯科宣戰!駭入俄羅斯國防部資料庫、在官媒電視台播放挺烏克蘭歌曲
https://reurl.cc/veAmXk
從烏俄之戰看「在地化」情資的重要性
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9739
2022 年烏克蘭網路攻擊:網路資安地緣政治
https://blog.trendmicro.com.tw/?p=71479
駭客挺烏癱瘓俄國充電站 螢幕寫「普亭是傻瓜」
https://www.worldjournal.com/wj/story/121256/6136845
匿名者:俄曾洩密提醒澤倫斯基「慎防暗殺」
https://news.ltn.com.tw/news/world/breakingnews/3847353
情報單位洩密烏克蘭總統暗殺行動? 駭客「匿名者」爆料:俄國將掀內部鬥爭
https://www.upmedia.mg/news_info.php?Type=3&SerialNo=139005
匿名者:俄國洩露暗殺澤倫斯基計畫 內部權鬥將推翻普欽
https://news.tvbs.com.tw/amp/world/1730315
針對俄羅斯對烏克蘭出兵,匿名者、Conti等駭客組織選邊站
https://www.ithome.com.tw/news/149578
調查組織《Bellingcat》數位查證掌握戰況 紀錄戰爭罪行
https://tfc-taiwan.org.tw/articles/7023
俄國早看透!匿名者發起網路攻擊,普丁準備「國家級內網」應戰
https://technews.tw/2022/03/04/russia-internet/
俄網遭駭客頻發攻擊 俄媒爆:政府準備啟動Runet內網切斷全球網路
https://www.ettoday.net/news/20220302/2199405.htm
最大駭客「匿名者」:癱瘓俄航太局 關閉1500個俄網站
https://udn.com/news/story/122699/6134175
「匿名者」駭客癱瘓1500個俄網站! 俄航太局也無法聯繫自家衛星
https://www.ettoday.net/news/20220302/2199138.htm
「全球暴打俄羅斯」連駭客也來了!《匿名者》宣布癱瘓普丁的間諜衛星
https://tw.appledaily.com/international/20220302/DLBALUKPIBHRBPLNUWDPBHOJ5U/
烏克蘭版「唐鳳」︰他組駭客軍團、要搜普丁錢包
https://www.gvm.com.tw/article/87568
駭客出手了?北溪2號傳破產裁員 官網「慘被攻擊到關閉」
https://www.setn.com/News.aspx?NewsID=1079009
Taiwan Can Help?烏克蘭宣布招募「網路義勇軍」 癱瘓俄羅斯網路
https://times.hinet.net/news/23780110
烏克蘭用 Telegram 招募志願者,成立「IT 軍隊」對抗俄羅斯網路攻擊
https://technews.tw/2022/03/02/ukraine-recruits-volunteers-through-telegram/
烏克蘭組建黑客大軍!俄羅斯錯過網攻黃金機遇期
https://buzzorange.com/techorange/2022/03/03/ukraine-it-army/
匿名者對俄宣戰 號召全球駭客網攻
https://ec.ltn.com.tw/article/breakingnews/3845123
烏俄網路大戰 專家:中國駭客也在台灣埋了「數位定時炸彈」
https://www.cw.com.tw/article/5120248
駭客組織 Anonymous 傳向俄兵喊話:交出坦克送 5 萬美元比特幣
https://www.hksilicon.com/articles/2152084
駭客組織Anonymous以比特幣作獎勵引誘俄羅斯士兵捐贈坦克
https://news.cnyes.com/news/id/4823126
俄烏戰況膠著…戰場轉往網路戰?「12萬俄軍參戰名單」疑遭匿名者外洩
https://news.sina.com.tw/article/20220302/41305674.html
俄專家:微軟若撤離俄羅斯 用戶會轉向Linux
https://ec.ltn.com.tw/article/breakingnews/3847621
俄烏戰爭爆發後,逾30所烏克蘭大學WordPress網站遭到入侵
https://reurl.cc/zMEr60
俄羅斯截斷烏克蘭網路 馬斯克「星鏈」解救
https://www.worldjournal.com/wj/story/121256/6129329
俄烏戰爭引台海憂慮 余茂春:台灣比烏克蘭安全
https://www.soundofhope.org/post/597757?lang=b5
中共趁亂南海軍演 美艦駛過台海展示支持
https://www.soundofhope.org/post/597715?lang=b5
Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online
https://thehackernews.com/2022/03/hackers-who-broke-into-nvidias-network.html
Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies
https://thehackernews.com/2022/03/hackers-try-to-hack-european-officials.html
Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
https://thehackernews.com/2022/03/hackers-begin-weaponizing-tcp-middlebox.html
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion
https://thehackernews.com/2022/03/microsoft-finds-foxblade-malware-hit.html
(LINE Bank) Application Security Engineer_應用系統安全工程師
http://www.104.com.tw/jb/104i/job/view?j=6ty6x
醫療資訊室(資訊組)院聘資訊工程師(資安)
https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=48309&HIRE_ID=11031135
精誠資訊擴大徵才!全年召募逾1000名員工
https://ec.ltn.com.tw/article/breakingnews/3848332
疫後首場實體徵才登場 五大金控徵才亮點一次看
https://wantrich.chinatimes.com/news/20220302900770-420101
【資安所】資安測試工程師
https://www.104.com.tw/jb/104i/job/view?j=7jsuc
【ISMS/PIMS】資安風險管理顧問
https://www.104.com.tw/job/7jpm6
【金融業】資安風險管理顧問
https://www.104.com.tw/job/7jpm4
大學甄選入學委員會徵聘資安人員1名
https://www.ccu.edu.tw/new_content_demo.php?type=bulletin&id=37905
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
假QR code行釣魚之實! 四大常見QR code騙術
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9736
OL控職場霸凌!為蒐證用主管電腦寄email遭開除 法官:解僱違法
https://tw.appledaily.com/local/20220302/JCZPIEWW6FD7TMVRTKZ757DSTU/
幣安(Binance)警告:加密貨幣投資者小心簡訊釣魚詐騙
https://blog.trendmicro.com.tw/?p=71399
網釣攻擊鎖定幫助烏克蘭難民的國家而來
https://reurl.cc/3j93eX
白俄羅斯駭客鎖定烏克蘭武裝部隊,發動網路釣魚攻擊
https://www.bleepingcomputer.com/news/security/ukraine-links-belarusian-hackers-to-phishing-targeting-its-military/
Facebook 封禁散播俄軍在烏不實資訊的虛假賬戶
https://chinese.engadget.com/facebook-takes-down-fake-accounts-boosting-russian-disinformation-in-ukraine-110040977.html
大量機密數據遭公開 加州律師協會:正全力調查
https://www.epochtimes.com/b5/22/2/28/n13610394.htm
Microsoft 365 中的Power Automate,有資料外洩的疑慮
https://blog.twnic.tw/2022/02/28/21885/
E.研究報告/工具
HENNGE 邀請資策會講師分享 2022 企業資安法規概覽及法遵建議
https://hennge.com/tw/blog/security-law-webinar.html
APT36 (Earth Karkaddan) 駭客集團的攻擊手法與惡意程式分析
https://blog.trendmicro.com.tw/?p=71210
If you haven‘t heard of descriptors, you don‘t know Python
https://medium.com/@florian.rieger/if-you-haven-t-heard-of-descriptors-you-don-t-know-python-1ea4fd1614c2
Python: 5 ways to make money without a job
https://medium.com/@saadbenaicha/python-5-ways-to-make-money-without-a-job-377d2a8639c0
Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption
https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html
How to Automate Offboarding to Keep Your Company Safe
https://thehackernews.com/2022/03/how-to-automate-offboarding-to-keep.html
Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities
https://thehackernews.com/2022/03/report-nearly-75-of-infusion-pumps.html
Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures
https://thehackernews.com/2022/02/experts-create-apple-airtag-clone-that.html
OPENSSLDIR Privilege Escalation CVE-2021-2307 - Paper
https://www.exploit-db.com/docs/50747
LightSpeed Cache Vulnerability - Paper
https://www.exploit-db.com/docs/50679
Abusing LAPS - Paper
https://www.exploit-db.com/docs/50680
F.商業
Fortinet 發布新世代防火牆 FortiGate 3000F 助全球企業建立混合式資安架構,加速數位創新
https://reurl.cc/KpRQGy
新惡意程式可突破防火牆 中租迪和提高端點防護顧資安
https://finance.ettoday.net/news/2199492?from=rss&redirect=1
進用退除役官兵比例22% 旭聯資安獲頒獎座表彰
https://www.mypeoplevol.com/Article/17783
雲端人資系統「Femas HR」 通過國際級資安標準ISO27001驗證,創今年全台首例
https://stock.pchome.com.tw/news/cat9/20220301/64612922013934287001.html
因應 5G 網路高密度佈署模式, NXP 攜手仁寶打造整合小型基站解決方案
https://www.cool3c.com/article/173600
G.政府
停電是駭客網攻?政院:調查報告完成前 不排除任何可能
https://www.epochtimes.com/b5/22/3/3/n13618688.htm
追停電原因 政院:人員疏失就咎責
https://reurl.cc/02RXYK
大停電、台電官網停擺 刑事局:目前未有駭客入侵跡象
https://udn.com/news/story/7238/6136922
NCC打造國家通訊領域安全軟體實驗室 提升資安防護力
https://www.peopo.org/news/573866
俄烏開戰 政院:國安基金隨時因應
https://wantrich.chinatimes.com/news/20220301900433-420501
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software
https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html
IoV Security車聯網資安不亞於性能安全
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9735
5G智慧應用下,華電聯網推動自主研發資安平台
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9734
擘劃5G智慧應用與未來先進科技服務願景,協助企業實現數位轉型及實踐ESG責任
華電聯網推動 5G 智慧應用 加速數位化願景與創新步伐
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/A366255F5EDC43C89B74317DF3C8F9EC
鴻海研究院NExT Forum 宣示守護AI生態圈
https://wantrich.chinatimes.com/news/20220303900676-420101
全球已經把 AI 安全發展當成軍備競賽,台灣跟上了嗎
https://buzzorange.com/techorange/2022/03/02/ai-security-foxconn-next-forum/
7成5醫用輸液幫浦存在已知安全漏洞
https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50797
I.教育訓練
中華軟協-iPAS「初級」資訊安全工程師能力研習衝刺班:全面招生中
https://www.cs.nycu.edu.tw/announcements/detail/8778
2022「證券期貨資訊安全實務養成課程」即日起開始報名
https://www.sfi.org.tw/news/news-7/3589
網路時代人人要學的資安基礎必修課 (How Cybersecurity Really Works)
https://www.tenlong.com.tw/products/9786263240384?list_name=p-r-zh_tw
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
【資安管理國際證照懶人包】學習心得、考試要點一次整理!2022 轉職夢幻工作看這篇
https://buzzorange.com/techorange/2021/12/30/isaca/
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
110年新進人員「校園資訊安全講座」教材
https://cc.nccu.edu.tw/p/406-1001-740,r18.php
【訓練教材D】資訊安全技術教育訓練教材
https://iscb.nchu.edu.tw/2019/07/d.html
109資通安全管理法數位教育訓練
https://reurl.cc/ARlmqp
110-1初級資訊安全工程師-資訊安全管理概論
https://yamol.tw/exam.php?id=104050
中大信息工程學系 栽培資訊科技領導人才
https://reurl.cc/ARZKDK
伊雲谷、中山大學產學合作 累積雲端資安人才能量
https://ctee.com.tw/industrynews/technology/587459.html
SANS Cyber Aces Online Tutorials
https://tutorials.cyberaces.org/tutorials.html
Free Online Cybersecurity Courses (MOOCs)
https://www.cyberdegrees.org/resources/free-online-courses/
Develop Your Cybersecurity Skills
https://www.cybrary.it/catalog/cybersecurity/
Mobile App Security
https://www.cybrary.it/course/mobile-app-security/
Introduction to Cybersecurity
https://reurl.cc/bnaj6d
How to Tackle SaaS Security Misconfigurations
https://thehackernews.com/2021/11/how-to-tackle-saas-security.html
How to Build a Security Awareness Training Program that Yields Measurable Results
https://thehackernews.com/2021/11/how-to-build-security-awareness.html
Common Attacks
https://choson.lifenet.com.tw/?p=1174
6.近期資安活動及研討會
WTM International Women's Day 2022 2022/3/5
https://www.meetup.com/GDGTaipei/events/284257930/
Just a chat - with no Expectations 2022/3/5
https://www.meetup.com/Taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-Cryptocurrency-Meetup/events/284285574/
Coffee & Code 2022/3/6
https://www.meetup.com/Innovate-Taiwan/events/284285192/
區塊鏈WEB3資安管理教戰手冊 2022/3/9
https://www.accupass.com/event/2202130729525903217230
Android Code Club(Taipei) 2022/3/9
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/284070785/
科技、媒體、組織聯手 共同防制不實訊息論壇 2022/3/11
https://acfd2019.kktix.cc/events/831e3194-copy-2
2022嘉藥反毒與資安機器人競賽 2022/3/12
https://reurl.cc/9OO7kj
Scala Taiwan #39 - 用Scala寫基因體醫學 2022/3/15
https://www.meetup.com/Scala-Taiwan-Meetup/events/284242666/
Flutter Festival Taipei 2022/3/16
https://www.meetup.com/Flutter-Taipei/events/283785315/
國家高速網路與計算中心教育訓練 「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/3/18
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3972&from_course_list_url=homepage
OSCP 高階滲透測試精進班 2022-02-12~2022-03-20
https://college.itri.org.tw/course/all-events/35FC13F1-05A3-44CF-85B1-2D01B6F92632.html
國家高速網路與計算中心教育訓練 「大數據程式開發平台(VM版本)」建置與開發實務課程 2022/5/27
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3983&from_course_list_url=homepage
風險導向資安稽核 2022/7/20
https://www.cisanet.org.tw/Course/Detail/2756
沒有留言:
張貼留言